Convert tests to InSpec tests (#641)

* Convert tests to InSpec tests - Convert all test files to proper InSpec format with controls and metadata - Rename test files to use _spec.rb suffix - Add inspec.yml files for all test suites - Add dependencies between test suites where appropriate - Update test structure for better organization and reporting Signed-off-by: Dan Webb <[email protected]> * Fixup Signed-off-by: Dan Webb <[email protected]> --------- Signed-off-by: Dan Webb <[email protected]>
sous-chefs · Jan 7, 2025 · b53bbc4 · b53bbc4
1 parent 426cf88
commit b53bbc4
Show file tree

Hide file tree

Showing 28 changed files with 1,765 additions and 682 deletions.
diff --git a/.github/actions/test-kitchen/action.yml b/.github/actions/test-kitchen/action.yml
@@ -1,12 +1,16 @@
-name: 'Test Kitchen Action'
-description: 'Runs Test Kitchen tests with the specified suite and OS'
+name: "Test Kitchen Action"
+description: "Runs Test Kitchen tests with the specified suite and OS"
 inputs:
   suite:
-    description: 'Test suite to run'
+    description: "Test suite to run"
     required: true
   os:
-    description: 'OS to test on'
+    description: "OS to test on"
     required: true
+  chef_version:
+    description: "Chef version to use"
+    required: false
+    default: "current"
 
 runs:
   using: "composite"
@@ -18,6 +22,7 @@ runs:
       env:
         CHEF_LICENSE: accept-no-persist
         KITCHEN_LOCAL_YAML: kitchen.dokken.yml
+        CHEF_VERSION: ${{ inputs.chef_version }}
       with:
         suite: ${{ inputs.suite }}
         os: ${{ inputs.os }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -48,23 +48,7 @@ jobs:
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}
-
-  # TODO: This is currently broken
-  # integration-repo-overrides:
-  #   needs: lint-unit
-  #   runs-on: ubuntu-latest
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       os: ["ubuntu-2204", "ubuntu-2404"]
-  #       suite: ["repo-overrides"]
-  #   steps:
-  #     - name: Check out code
-  #       uses: actions/checkout@v4
-  #     - uses: ./.github/actions/test-kitchen
-  #       with:
-  #         suite: ${{ matrix.suite }}
-  #         os: ${{ matrix.os }}
+          chef_version: ${{ vars.CHEF_VERSION }}
 
   integration-epel:
     needs: lint-unit
@@ -89,6 +73,7 @@ jobs:
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}
+          chef_version: ${{ vars.CHEF_VERSION }}
 
   integration-nginx-full:
     needs: lint-unit
@@ -105,6 +90,7 @@ jobs:
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}
+          chef_version: ${{ vars.CHEF_VERSION }}
 
   final:
     runs-on: ubuntu-latest

diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/kitchen.global.yml b/kitchen.global.yml
@@ -18,7 +18,7 @@ platforms:
   - name: almalinux-8
   - name: almalinux-9
   - name: amazonlinux-2023
-  - name: centos-stream-10
+  - name: centos-stream-9
   - name: debian-11
   - name: debian-12
   - name: fedora-latest

diff --git a/kitchen.yml b/kitchen.yml
@@ -32,55 +32,34 @@ suites:
   - name: distro
     run_list:
       - recipe[test::distro]
-      - recipe[test::test_site]
     verifier:
       inspec_tests:
-        - test/integration/default
         - test/integration/default_install
   - name: distro-nginx-full
     run_list:
       - recipe[test::distro_nginx-full]
-      - recipe[test::test_site]
     includes:
       - ubuntu-22.04
       - ubuntu-24.04
     verifier:
       inspec_tests:
-        - test/integration/default
         - test/integration/default_install
   - name: repo
     run_list:
       - recipe[test::repo]
-      - recipe[test::test_site]
     verifier:
       inspec_tests:
-        - test/integration/default
         - test/integration/repo
-        - test/integration/repo_install
-  - name: repo_overrides
-    run_list:
-      - recipe[test::repo_overrides]
-      - recipe[test::test_site]
-    verifier:
-      inspec_tests:
-        - test/integration/default
-        - test/integration/repo_overrides
-        - test/integration/repo_install
   - name: epel
     run_list:
       - recipe[test::epel]
-      - recipe[test::test_site]
     includes:
       - almalinux-8
       - almalinux-9
       - centos-stream-9
       - centos-stream-10
       - rockylinux-8
       - rockylinux-9
-    verifier:
-      inspec_tests:
-        - test/integration/default
-        - test/integration/epel
   - name: invalid-conf
     run_list:
       - recipe[test::invalid-conf]
diff --git a/test/cookbooks/test/recipes/distro.rb b/test/cookbooks/test/recipes/distro.rb
@@ -1,3 +1,5 @@
-apt_update 'update' if platform_family?('debian')
+apt_update 'update'
 
 nginx_install 'distro'
+
+include_recipe 'test::test_site'
diff --git a/test/cookbooks/test/recipes/distro_nginx-full.rb b/test/cookbooks/test/recipes/distro_nginx-full.rb
@@ -3,3 +3,5 @@
 nginx_install 'distro' do
   packages 'nginx-full'
 end
+
+include_recipe 'test::test_site'
diff --git a/test/cookbooks/test/recipes/epel.rb b/test/cookbooks/test/recipes/epel.rb
@@ -1,3 +1,5 @@
 nginx_install 'nginx' do
   source 'epel'
 end
+
+include_recipe 'test::test_site'
diff --git a/test/cookbooks/test/recipes/repo.rb b/test/cookbooks/test/recipes/repo.rb
@@ -1,5 +1,7 @@
-apt_update 'update' if platform_family?('debian')
+apt_update 'update'
 
 nginx_install 'nginx' do
   source 'repo'
 end
+
+include_recipe 'test::test_site'
diff --git a/test/cookbooks/test/recipes/repo_overrides.rb b/test/cookbooks/test/recipes/repo_overrides.rb
diff --git a/test/integration/default/config_test.rb b/test/integration/default/config_test.rb
diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
@@ -0,0 +1,104 @@
+control 'nginx-config-01' do
+  impact 1.0
+  title 'Nginx Configuration Directories'
+  desc 'Ensure Nginx configuration directories exist with proper permissions'
+
+  describe directory('/etc/nginx') do
+    it { should exist }
+  end
+
+  %w(conf.d conf.http.d).each do |dir|
+    describe directory("/etc/nginx/#{dir}") do
+      it { should exist }
+      it { should be_directory }
+      its('mode') { should cmp '0755' }
+    end
+  end
+
+  describe directory('/var/log/nginx') do
+    it { should exist }
+    it { should be_directory }
+    its('mode') { should cmp '0755' }
+  end
+end
+
+control 'nginx-config-02' do
+  impact 1.0
+  title 'Nginx Default Configuration Files'
+  desc 'Ensure default configuration files are not present'
+
+  %w(default.conf example_ssl.conf).each do |config|
+    describe file("/etc/nginx/conf.d/#{config}") do
+      it { should_not exist }
+    end
+  end
+end
+
+control 'nginx-config-03' do
+  impact 1.0
+  title 'Nginx Main Configuration'
+  desc 'Verify the main nginx.conf configuration'
+
+  process_owner = case os.family
+                  when 'debian'
+                    'www-data'
+                  else
+                    'nginx'
+                  end
+
+  describe file('/etc/nginx/nginx.conf') do
+    it { should exist }
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('content') { should match(/user\s+#{process_owner};/) }
+    its('content') { should include 'worker_processes      auto;' }
+    its('content') { should include 'pid                   /run/nginx.pid;' }
+    its('content') { should include 'worker_connections  1024;' }
+    its('content') { should include 'sendfile            on;' }
+    its('content') { should include 'tcp_nopush          on;' }
+    its('content') { should include 'tcp_nodelay         on;' }
+    its('content') { should include 'keepalive_timeout   65;' }
+    its('content') { should include 'types_hash_max_size 2048;' }
+  end
+end
+
+control 'nginx-config-04' do
+  impact 1.0
+  title 'Nginx Site Configurations'
+  desc 'Verify various site configuration files'
+
+  describe file('/etc/nginx/conf.http.d/default-site.conf') do
+    it { should exist }
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('content') { should include 'listen       80;' }
+    its('content') { should include 'access_log   /var/log/nginx/localhost.access.log;' }
+    case os.family
+    when 'redhat'
+      its('content') { should include 'root       /usr/share/nginx/html;' }
+    when 'debian'
+      its('content') { should include 'root       /var/www/html;' }
+    end
+  end
+
+  describe file('/etc/nginx/conf.http.d/test_site.conf') do
+    it { should exist }
+    it { should be_file }
+    its('mode') { should cmp '0644' }
+  end
+
+  describe file('/etc/nginx/conf.http.d/test_site_disabled.conf.disabled') do
+    it { should exist }
+    it { should be_file }
+  end
+
+  describe file('/etc/nginx/conf.http.d/foo.conf') do
+    it { should exist }
+    it { should be_file }
+    its('content') { should include '## OVERRIDE FROM TEST COOKBOOK' }
+    its('content') { should include 'upstream bar {' }
+    its('content') { should include '  server localhost:1234;' }
+  end
+end
diff --git a/test/integration/default/controls/service_spec.rb b/test/integration/default/controls/service_spec.rb
@@ -0,0 +1,11 @@
+control 'nginx-service-01' do
+  impact 1.0
+  title 'Nginx Service'
+  desc 'Verify that Nginx service is installed, enabled and running'
+
+  describe service('nginx') do
+    it { should be_installed }
+    it { should be_enabled }
+    it { should be_running }
+  end
+end
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
@@ -0,0 +1,7 @@
+---
+name: default
+title: Nginx Suite
+summary: Nginx integration tests
+supports:
+  - os-family: linux
+  - os-family: bsd
diff --git a/test/integration/default/service_test.rb b/test/integration/default/service_test.rb